August 31, 2007

Point, Click, Wiretap

Black Ops | Rights, Law | Science/Technology

Documents obtained by the Electronic Frontier Foundation show that the FBI has developed a capability to instantly wiretap almost any communications device in the country. Wired:

The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device, according to nearly a thousand pages of restricted documents newly released under the Freedom of Information Act.

The surveillance system, called DCSNet, for Digital Collection System Network, connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It is far more intricately woven into the nation's telecom infrastructure than observers suspected.

It's a "comprehensive wiretap system that intercepts wire-line phones, cellular phones, SMS and push-to-talk systems," says Steven Bellovin, a Columbia University computer science professor and longtime surveillance expert.

DCSNet is a suite of software that collects, sifts and stores phone numbers, phone calls and text messages. The system directly connects FBI wiretapping outposts around the country to a far-reaching private communications network.

Many of the details of the system and its full capabilities were redacted from the documents acquired by the Electronic Frontier Foundation, but they show that DCSNet includes at least three collection components, each running on Windows-based computers.

The $10 million DCS-3000 client, also known as Red Hook, handles pen-registers and trap-and-traces, a type of surveillance that collects signaling information — primarily the numbers dialed from a telephone — but no communications content. (Pen registers record outgoing calls; trap-and-traces record incoming calls.)

DCS-6000, known as Digital Storm, captures and collects the content of phone calls and text messages for full wiretap orders.

A third, classified system, called DCS-5000, is used for wiretaps targeting spies or terrorists. [Emphasis added]

The article says that the telecom companies retain control of their switches and only turn on a wiretap when presented with a court order. But it also says that the system is highly insecure, especially against abuse by FBI insiders.

To my mind, the most significant revelation is the degree to which surveillance capabilities are baked into the system. It's set up to be tappable from end to end. Even if the FBI doesn't abuse it, even if the NSA and the CIA and all the other agencies whose names we don't even know don't abuse it, it all sounds eminently hackable. As one of the computer scientists said in the article:

Any time something is tappable there is a risk. I'm not saying, "Don't do wiretaps," but when you start designing a system to be wiretappable, you start to create a new vulnerability. A wiretap is, by definition, a vulnerability from the point of the third party. The question is, can you control it?

A hacker's playground.

[Thanks, Mark]

Posted by Jonathan at August 31, 2007 02:54 PM